Skip to main content

tv   Attorney General Barr at Justice Department Lawful Access Summit  CSPAN  October 10, 2019 12:06pm-12:31pm EDT

12:06 pm
in washington, d.c. he spoke about social media and technology companies using in to end encryption as a threat it poses to the public. on the same day of his remarks he along with his counterparts from united kingdom and australia sent a letter to facebook ceo mark zuckerberg asking the company to delay plans for end-to-end encryption across its messaging services slighting public safety. [applause] >> good afternoon, everybody, or that morning. thank you for that introduction, see you, and thank you and your team for putting on this wonderful program. it's great to see so many members of law enforcement who are here today.
12:07 pm
many of you have come a long way, and we appreciate your presence. you are joined by those from the ngo community, industry, and capitol hill. perhaps this is the first time that so many stakeholders in the lawful access conversation have been in one place. i am especially thankful to be joined by two good friends from abroad, our staunchest allies, peter dutton, this chilean minister for home affairs, and the home secretary of united kingdom. i think each of you for coming, accepting my invitation to be here. our nations face a constellation of common security concerns, but we don't face them alone. we have always stood shoulder to shoulder in the fight for freedom, peace, and security,
12:08 pm
and we will continue to do so. just last night we come on behalf of our governments come sign the first ever agreement under the cloud act, which became law last year thanks to industry support, bipartisan congressional action, and the president's leadership. that act greatly facilitates criminal investigations by allowing law enforcement from each country to obtain evidence directly from each other's commercial providers, pursuant to legal process that safeguards privacy rights. the theme of today's summit, work proof encryption, is distinct from the cloud act. but the act is worth mentioning at the outset because it serves as an excellent example of how much we can achieve when all stakeholders come together in
12:09 pm
pursuit of a common goal. to address the lawful access issue it will take that kind of commitment, along with an honest public discussion. as individuals and as a nation, we have become dependent on a vast digital infrastructure. that in turn has made as vulnerable to cyber criminals and foreign adversaries that target that infrastructure. encryption provides enormous benefits to society by enabling secured communications, data storage, and online transactions. as the federal government, we welcome these improvements to privacy and security, and will work to preserve and strengthen them. but the digital world that has proven such a boon in many ways has also empowered criminals. like everybody else, criminals
12:10 pm
of all stripes increasingly rely on wireless communications, handheld devices, and the internet. in today's world evidence of crime is increasingly digital evidence. as we work to secure our data and our two medications from hackers, we must recognize that our citizens face a far broader array of threats. hackers are a danger, but so are violent criminals, terrorists, drug traffickers come human traffickers, fraudsters, and sexual predators. while we should not hesitate to deploy encryption to protect ourselves from cyber criminals, this should not be done in a way that eviscerates societies ability to defend itself against other types of criminal threats. in other words, making our virtual world more secure,
12:11 pm
should not come at the expense of making us more vulnerable in the real world. enjoyment of all of personal rights, all the rights we cherish, whether to life, liberty, to property, speech for privacy, ultimately depends upon our ability to maintain a safe society. whether you agree with john locke about everything, he was certainly right about that. the founding document of our republic, the constitution, state at the outset that one of the principal reasons we have framed our body politic is to provide just this security record as it states, to provide for the common defense. that is, security from foreign enemies, and to insure domestic tranquility. that is, protection from predators within society. in less society as a whole has
12:12 pm
the ability to preserve this decent security, all rights ultimately become meaningless. the essence of all political thinking is about how to reconcile the claims of the individual with the interests of the broader community. in all the great countries represented here right now on this stage, we have erected strong protections around our individual rights. there are none stronger in the world. but while at the same time we have placed some constraints on thin, were necessary to protect, the safety of society as a whole. apart from life itself, liberty is our greatest value, and yet limits are placed even on this court right when necessary to protect the safety of society. we deprive people of their
12:13 pm
liberty. we arrest them. we taken into custody when we have probable cause to believe that they have committed or are engaged in a crime. if we could wave a magic wand right now and conjure up some technology that would enhance all of our liberty individually, by absolutely insulating every individual from being physically hindered, even prevent any possible arrest, would we want to deploy this technology? it might protect the innocent from being mugged, i don't also insulate all criminals from being arrested. what is happening here is that some companies want to say to the individual, hey, we can make you invisible to law enforcement. but do we want to live any society where everyone -- in a a
12:14 pm
society where everyone is invisible to law enforcement? these considerations apply to privacy. that's that right has never been absolute. the fourth amendment strikes a balance between the individual citizens interest in conducting certain of their affairs in private, and the general publics interest in subjecting possible criminal activity to investigation. it does so on the one hand, by securing for each individual a private enclave around his persons house, papers, and the facts, a zone and abide individuals own reasonable expectation of privacy. and as long as an individual acts within that zone of privacy, his activities are shielded from unreasonable government investigation. on the other hand, the fourth amendment establishes that under certain circumstances the public as a legitimate need to gain
12:15 pm
access to and individuals zone of privacy in pursuit of public safety. and it defines the terms under which the government obtains that access. when the government has probable cause to believe that evidence of a crime is within the individual sort of privacy, the government is entitled to search for and seize that evidence. and the search usually must be preceded by judicial determination that probable cause exists and the authorized by a warrant. now, as you heard this morning some companies want to deploy end-to-end encryption on consumer products that would completely prevent law enforcement from gaining access to data or medications, even when there is probable cause. essentially, this would establish privacy as an absolute right without regard to the safety or the impact on society as a whole. it is hard to overstate how
12:16 pm
perilous this is. by enabling dangerous criminals to cloak their communications and activities behind, and essentially impenetrable digital shield, the top one of what proof encryption is already imposing huge costs on society -- warrent-proof encryption. it's not just reprehensible behavior of sexual predation on children, but merely additional forms of serious crimes enabled by end-to-end encryption. this technology is quickly extinguishing our ability to detect and prevent a wide range of criminal activity, from terrorism come to large-scale drug trafficking, the financial fraud, to human trafficking, to transnational connectivity. and the clock is ticking. one further point about the costs imposed on society by
12:17 pm
warrent-proof encryption. it is not just about the crimes that could've been avoided or the criminals that escape punishment. converting the internet and communication platforms into a free zone, a law free zone, that's giving criminals the needs to operate free of any lawful scrutiny will inevitably propel an expansion of criminal activity. if you remove any possibility that the cops are going to be watching a neighborhood, the criminals already in that neighborhood will commit a lot more crimes. let me address some of the canards that are floating around in this discussion. first, it is claimed that law enforcement is asking to impinge on privacy. nothing could be further from the truth. we are not seeking to move the goalposts at all. we are sticking to preserve the
12:18 pm
degree of privacy to which we have always been entitled under our constitution. it is not a degree of privacy that is absolute and impervious under all circumstances. it is a right to privacy that allows for lawful access when society can demonstrate a sufficiently compelling need. in this regard i was amused to see the impassioned statement of a leading digital rights activist two days ago. it said a secured messenger platform should provide the same amount of privacy as you have in your living room. that's right. we agree. [laughing] that's exactly what law enforcement is seeking. and as you should all know, with a warrant, law enforcement can't get access to your living room, both physically and virtually, where there is probable cause to
12:19 pm
do so. it's also said that the government is seeking some secret backdoor to all data and communications. that sounds very nefarious, but it's false. we are seeking a front door. we would be happy if the companies providing the encryption keep the keys. what we are asking is that some responsible party has the keys so that when we can demonstrate and lawful basis, probable cause that crimes are being committed, we can gain access to that evidence. it also seems to me that the argument of companies that want to deploy warrent-proof encryption rests on an unsustainable premise. the companies seem to think that the debate is over once they show that the technology will achieve some incremental increase in privacy, regardless of the impact on the welfare of society.
12:20 pm
but our history shows that the extent of the rights has always depended on a balance between the claims of the individual and those of society. think of it this way. in the hierarchy of rights and values, the right to life is at the top. there are many technologies available that could provide more security for my personal right to life. i would be much safer cruising down the highway in an and in e tank, but the risks that would be invariably opposed to all of the drivers would be too great. optimizing the value of one value only is not the end end e inquiry. the externalities of achieving that isolated goal at all costs are just unacceptably high. the heart of the matter is this. due to security advantages of warrent-proof encryption offer to the individual outweigh the
12:21 pm
risks posed to the public by the same technology. this is not a decision for the companies to make themselves. it is a decision for society to make. the public can enjoy the benefits of encryption while still allowing for lawful access. there is no doubt that we all benefit from encryption. it allows for e-commerce and many other online applications, but those are not the applications that we are talking about. we are not talk about consumer interaction with ongoing enterprise such as banks or retailers. law enforcement can go to those institutions with a warrant and obtain the information that we seek. and we're not talking the encryption for enterprises like power companies or banks that the use to protect their operations. what we are concerned about is
12:22 pm
consumer to consumer communications and consumer devices and data storage. the argument is made that to achieve perfect protection against that actors, it is essential to override societies interests in retaining access the evidence. some hold this view dogmatically claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access. but in the world of cybersecurity, we do not deal with absolute guarantees, but in relative risks. all systems fall short of optimality and have some residual risk of vulnerability, a point which the tech community acknowledges when they propose that law enforcement can satisfy our requirements by exploiting vulnerabilities in their
12:23 pm
products. the real question is whether the residual risk of vulnerability resulting from incorporating and lawful access mechanism material -- is materially greater than those already in the unmodified product, , and the department ds not believe that that can be demonstrated. we are confident that our technical solutions that will allow lawful access without me too early weakening the security provided to consumers that materially weakening the security invited to consumers by encryption. such encryption regimes already exist. to that point, the tech committee regularly inform its new features that slightly affect the potency of encryption and other secret protocols, and they do so because it's profitable and because those features benefit consumers. for example, providers design their products to allow access
12:24 pm
for software updates using centrally managed security kids. even if allowing for lawful access resulted in theory in a slight risk differential, it's significant -- it's significant should not be judged solely by the fact that it falls short of the theoretical optimality perfect protection, the platonic ideal. the significance of any incremental list should be assessed on its practical effect on consumer cybersecurity as well as its relation to the net risks that offering the product poses for society. that must also take into account alternative and less socially injurious ways of mitigating the risk. if one already has an effective level of security, say by way of
12:25 pm
illustration and that protects against 99% of foreseeable threats, is it reasonable to incur massive further costs to move slightly closer to optimality and attain, say, a 99.5% level of protection, even where the risks addressed is extremely remote? a companies shareholders would not allow the company to incur the costs of imposing that change. and society should not allow companies to inflict those costs on society itself. at the end of the day we must make these choices based on the net benefit to society. it the choice is between a world where we can achieve 99% assurance against cyber threats for the typical consumer, while still providing law enforcement 80% of access it needs to
12:26 pm
protect society, or a world where we have boosted our cybersecurity the 99.5% but at a cost of reducing law enforcement access to zero, the choice for society should be clear. i want to make a point about freedom and our privacy. throttling the ability of law enforcement to detect an interdict criminal actors does not advance either privacy or freedom. ultimately, , there are two ways of protecting society, either detect and neutralize the bad guys, or regiment society as a whole. anyone who has gone through the security line at an airport moving your shoes, your belt -- removing -- having your close spewed out on the table,
12:27 pm
toiletries, for all to see, knows firsthand that regimentation places a burden on our privacy rights. i call it the curfew concept. when i was first attorney general 28 years ago, there was a lot of violence in our urban areas, much of it induced by gang activity, and there were two different approaches used. some cities empowered their police to identify and neutralize the gangs and get them off the streets. others adopted the regimentation approach, the curfew. everybody was kept off the streets. not the bad guys, everybody. and those are the two approaches to protecting society. more so than ever, the principal law enforcement -- tool, that we
12:28 pm
have in law enforcement to identify and neutralize the criminals is to listen to and read their communications. there is no substitute. and if we lose the ability to conduct electronic surveillance or to access digital records, we will inevitably be driven to greater and greater regimentation of society in order to secure ourselves. in turn we will do our liberty as well as our privacy. that is an extremely high price to pay if we prioritize impenetrable encryption above all else. i do wish to give credit where credit is due. some tech companies have taken significant steps to help detect and report criminality. when it comes to preventing crime, we hope that industry will continue to be an ally, not an adversary we hope that the power of technology will provide
12:29 pm
greater safety to the public, not placed us at greater risk of harm and exploitation. we think our tech sector has the ingenuity to develop effective ways to provide secure encryption while also providing secure legal access. it's well past time for some in the tech community to abandon the indefensible posture that a technical solution is not worth exploring, and instead turned their considerable talent and ingenuity to developing products that were reconciled good cybersecurity to the imperative of public safety and national security. as microsoft bill gates has observed, there is no question of ability. it's a question of willingness. obviously the department would like to engage with the private sector in exploring solutions. the time to achieve that may be limited. as this debate has dragged on and a point of warrent-proof encryption has accelerated our
12:30 pm
ability to protect the public from criminal threats is rapidly deteriorating. the status quo is exceptionally dangerous, unacceptable, and only getting worse. it is time for us to stop debating whether to address it, and start talking about how to address it. thank you very much. [applause] >> good afternoon. retired general joseph votel former command of central command joins a discussion on your security operations in the middle east. live coverage here on c-span2. >> examining centcom approach to the middle east. today's event gives us the opportunity to reflect on the buy with and through approach and explore prospects for an effective u.s. military role in the region, especially g


info Stream Only

Uploaded by TV Archive on